The Agent Skills Directory

[DATA_EXFILTRATION]: The CLI tools provided (anysearch_cli.py, anysearch_cli.js, anysearch_cli.ps1, anysearch_cli.sh) include a feature in the batch_search command that reads the content of a local file if the argument starts with the '@' character (e.g., @queries.json). The content of the file is then transmitted to the vendor's API endpoint (https://api.anysearch.com/mcp). While intended for processing query lists, this capability could be abused to exfiltrate sensitive local data if an attacker tricks the agent into passing a sensitive file path to the command.
[EXTERNAL_DOWNLOADS]: The README.md provides installation instructions that involve downloading the skill's source code as a ZIP archive from the vendor's official GitHub repository at https://github.com/anysearch-ai/anysearch-skill/archive/refs/tags/v2.0.0.zip.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it retrieves and processes untrusted data from external websites.
Ingestion points: Data enters the agent's context through search result snippets from the search command and full-page Markdown content from the extract command in all CLI implementations.
Boundary markers: Absent. The skill does not implement or recommend the use of delimiters or specific framing instructions to help the agent distinguish search results from its core instructions.
Capability inventory: The skill environment permits network communication to the vendor's API and local file system access (reading/writing .env and runtime.conf) across all scripts.
Sanitization: Absent. Content fetched from the web is passed directly to the agent without filtering or sanitization.

anysearch